UID2-5511 handle query param and body (#501)

* Audit log for client key service

* Audit log for client side keypair service

* Audit log for enclave id service

* Audit log for encryption key service

* Audit log for operator key service

* Update shared to 10.0.0

* Log bodyf or partner config service

* Audit log for salt service

* Audit log for service link service

* Audit log for service service

* Audit log for sharing service

* Audit log for site service

* Audit log for cloud encryption key service

Author: cYKatherine

pom.xml

@@ -16,7 +16,7 @@
         <!-- check micrometer.version vertx-micrometer-metrics consumes before bumping up -->
         <micrometer.version>1.12.2</micrometer.version>
         <junit-jupiter.version>5.11.2</junit-jupiter.version>
-        <uid2-shared.version>9.4.11</uid2-shared.version>
+        <uid2-shared.version>10.0.0</uid2-shared.version>
         <okta-jwt.version>0.5.10</okta-jwt.version>
         <image.version>${project.version}</image.version>
     </properties>

src/main/java/com/uid2/admin/vertx/service/ClientKeyService.java

@@ -11,6 +11,7 @@
 import com.uid2.admin.vertx.RequestUtil;
 import com.uid2.admin.vertx.ResponseUtil;
 import com.uid2.admin.vertx.WriteLock;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.Role;
 import com.uid2.shared.model.Site;
 import com.uid2.shared.secret.IKeyGenerator;
@@ -26,10 +27,7 @@
 import org.slf4j.LoggerFactory;
 
 import java.time.Instant;
-import java.util.Collection;
-import java.util.List;
-import java.util.Optional;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 
 import static com.uid2.admin.vertx.Endpoints.*;
@@ -97,37 +95,37 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handleClientAdd(ctx);
             }
-        }, Role.MAINTAINER, Role.SHARING_PORTAL));
+        }, new AuditParams(List.of("name", "roles", "site_id"), Collections.emptyList()), Role.MAINTAINER, Role.SHARING_PORTAL));
 
         router.post(API_CLIENT_DEL.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleClientDel(ctx);
             }
-        }, Role.SUPER_USER));
+        }, new AuditParams(List.of("contact"), Collections.emptyList()), Role.SUPER_USER));
 
         router.post(API_CLIENT_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleClientUpdate(ctx);
             }
-        }, Role.MAINTAINER));
+        }, new AuditParams(List.of("contact"), Collections.emptyList()), Role.MAINTAINER));
 
         router.post(API_CLIENT_DISABLE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleClientDisable(ctx);
             }
-        }, Role.MAINTAINER, Role.SHARING_PORTAL));
+        }, new AuditParams(List.of("contact"), Collections.emptyList()), Role.MAINTAINER, Role.SHARING_PORTAL));
 
         router.post(API_CLIENT_ENABLE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleClientEnable(ctx);
             }
-        }, Role.MAINTAINER));
+        }, new AuditParams(List.of("contact"), Collections.emptyList()), Role.MAINTAINER));
 
         router.post(API_CLIENT_ROLES.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleClientRoles(ctx);
             }
-        }, Role.PRIVILEGED, Role.SHARING_PORTAL));
+        }, new AuditParams(List.of("contact", "roles"), Collections.emptyList()), Role.PRIVILEGED, Role.SHARING_PORTAL));
 
         router.post(API_CLIENT_CONTACT.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
@@ -139,7 +137,7 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handleClientRename(ctx);
             }
-        }, Role.MAINTAINER, Role.SHARING_PORTAL));
+        }, new AuditParams(List.of("contact", "newName"), Collections.emptyList()), Role.MAINTAINER, Role.SHARING_PORTAL));
     }
 
     private void handleRewriteMetadata(RoutingContext rc) {

src/main/java/com/uid2/admin/vertx/service/ClientSideKeypairService.java

@@ -8,6 +8,7 @@
 import com.uid2.admin.store.writer.ClientSideKeypairStoreWriter;
 import com.uid2.admin.vertx.ResponseUtil;
 import com.uid2.admin.vertx.WriteLock;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.Role;
 import com.uid2.shared.model.ClientSideKeypair;
 import com.uid2.shared.store.reader.RotatingClientSideKeypairStore;
@@ -69,12 +70,12 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handleAddKeypair(ctx);
             }
-        }, Role.MAINTAINER, Role.SHARING_PORTAL));
+        }, new AuditParams(Collections.emptyList(), List.of("site_id", "name", "contact", "disabled")), Role.MAINTAINER, Role.SHARING_PORTAL));
         router.post(API_CLIENT_SIDE_KEYPAIRS_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleUpdateKeypair(ctx);
             }
-        }, Role.MAINTAINER, Role.SHARING_PORTAL));
+        }, new AuditParams(Collections.emptyList(), List.of("subscription_id", "name", "contact", "disabled")), Role.MAINTAINER, Role.SHARING_PORTAL));
         router.get(API_CLIENT_SIDE_KEYPAIRS_LIST.toString()).handler(
             auth.handle(this::handleListAllKeypairs, Role.MAINTAINER, Role.METRICS_EXPORT));
         router.get(API_CLIENT_SIDE_KEYPAIRS_SUBSCRIPTIONID.toString()).handler(

src/main/java/com/uid2/admin/vertx/service/CloudEncryptionKeyService.java

@@ -8,12 +8,16 @@
 import com.uid2.admin.job.JobDispatcher;
 import com.uid2.admin.model.CloudEncryptionKeyListResponse;
 import com.uid2.admin.vertx.Endpoints;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.Role;
 import com.uid2.shared.util.Mapper;
 import io.vertx.core.http.HttpHeaders;
 import io.vertx.ext.web.Router;
 import io.vertx.ext.web.RoutingContext;
 
+import java.util.Collections;
+import java.util.List;
+
 public class CloudEncryptionKeyService implements IService {
     private final AdminAuthMiddleware auth;
     private final CloudEncryptionKeyManager keyManager;
@@ -39,7 +43,7 @@ public void setupRoutes(Router router) {
         );
 
         router.post(Endpoints.CLOUD_ENCRYPTION_KEY_ROTATE.toString()).handler(
-                auth.handle(this::handleRotate, Role.MAINTAINER, Role.SECRET_ROTATION)
+                auth.handle(this::handleRotate, new AuditParams(List.of("fail"), Collections.emptyList()), Role.MAINTAINER, Role.SECRET_ROTATION)
         );
     }
 

src/main/java/com/uid2/admin/vertx/service/EnclaveIdService.java

@@ -8,6 +8,7 @@
 import com.uid2.admin.vertx.RequestUtil;
 import com.uid2.admin.vertx.ResponseUtil;
 import com.uid2.admin.vertx.WriteLock;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.EnclaveIdentifierProvider;
 import com.uid2.shared.auth.Role;
 import com.uid2.shared.model.EnclaveIdentifier;
@@ -18,6 +19,7 @@
 import io.vertx.ext.web.RoutingContext;
 
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
 import java.util.stream.Collectors;
@@ -55,12 +57,12 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handleEnclaveAdd(ctx);
             }
-        }, Role.PRIVILEGED));
+        }, new AuditParams(List.of("name", "protocol", "enclave_id"), Collections.emptyList()), Role.PRIVILEGED));
         router.post(API_ENCLAVE_DEL.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleEnclaveDel(ctx);
             }
-        }, Role.SUPER_USER));
+        }, new AuditParams(List.of("name"), Collections.emptyList()), Role.SUPER_USER));
     }
 
     private void handleEnclaveMetadata(RoutingContext rc) {

src/main/java/com/uid2/admin/vertx/service/EncryptionKeyService.java

@@ -14,6 +14,7 @@
 import com.uid2.admin.vertx.ResponseUtil;
 import com.uid2.admin.vertx.WriteLock;
 import com.uid2.shared.Const;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.Role;
 import com.uid2.shared.model.EncryptionKey;
 import com.uid2.shared.model.KeysetKey;
@@ -147,20 +148,20 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handleAddSiteKey(ctx);
             }
-        }, Role.MAINTAINER));
+        }, new AuditParams(List.of("site_id", "activates_in_seconds"), Collections.emptyList()), Role.MAINTAINER));
 
         router.post(API_KEY_ROTATE_SITE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleRotateSiteKey(ctx);
             }
-        }, Role.MAINTAINER));
+        }, new AuditParams(List.of("site_id"), Collections.emptyList()), Role.MAINTAINER));
 
         if(enableKeysets) {
             router.post(API_KEY_ROTATE_KEYSET_KEY.toString()).blockingHandler(auth.handle((ctx) -> {
                 synchronized (writeLock) {
                     this.handleRotateKeysetKey(ctx);
                 }
-            }, Role.MAINTAINER));
+            }, new AuditParams(List.of("keyset_id"), Collections.emptyList()), Role.MAINTAINER));
         }
 
         router.post(API_KEY_ROTATE_ALL_SITES.toString()).blockingHandler(auth.handle((ctx) -> {

src/main/java/com/uid2/admin/vertx/service/OperatorKeyService.java

@@ -4,6 +4,7 @@
 import com.uid2.admin.auth.AdminAuthMiddleware;
 import com.uid2.admin.auth.RevealedKey;
 import com.uid2.admin.cloudencryption.CloudEncryptionKeyManager;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.model.Site;
 import com.uid2.shared.secret.IKeyGenerator;
 import com.uid2.admin.store.writer.OperatorKeyStoreWriter;
@@ -78,43 +79,43 @@ public void setupRoutes(Router router) {
         router.get(API_OPERATOR_LIST.toString()).handler(
             auth.handle(this::handleOperatorList, Role.MAINTAINER, Role.METRICS_EXPORT));
         router.get(API_OPERATOR_REVEAL.toString()).handler(
-            auth.handle(this::handleOperatorReveal, Role.MAINTAINER));
+            auth.handle(this::handleOperatorReveal, new AuditParams(List.of("name"), Collections.emptyList()), Role.MAINTAINER));
 
         router.post(API_OPERATOR_ADD.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleOperatorAdd(ctx);
             }
-        }, Role.MAINTAINER));
+        }, new AuditParams(List.of("name", "protocol", "site_id", "operator_type", "roles"), Collections.emptyList()), Role.MAINTAINER));
 
         router.post(API_OPERATOR_DEL.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleOperatorDel(ctx);
             }
-        }, Role.SUPER_USER));
+        }, new AuditParams(List.of("name"), Collections.emptyList()), Role.SUPER_USER));
 
         router.post(API_OPERATOR_DISABLE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleOperatorDisable(ctx);
             }
-        }, Role.PRIVILEGED));
+        }, new AuditParams(List.of("name"), Collections.emptyList()), Role.PRIVILEGED));
 
         router.post(API_OPERATOR_ENABLE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleOperatorEnable(ctx);
             }
-        }, Role.MAINTAINER));
+        }, new AuditParams(List.of("name"), Collections.emptyList()), Role.MAINTAINER));
 
         router.post(API_OPERATOR_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleOperatorUpdate(ctx);
             }
-        }, Role.PRIVILEGED));
+        }, new AuditParams(List.of("name", "site_id", "operator_type"), Collections.emptyList()), Role.PRIVILEGED));
 
         router.post(API_OPERATOR_ROLES.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleOperatorRoles(ctx);
             }
-        }, Role.PRIVILEGED));
+        }, new AuditParams(List.of("name", "roles"), Collections.emptyList()), Role.PRIVILEGED));
     }
 
     private void handleOperatorMetadata(RoutingContext rc) {

src/main/java/com/uid2/admin/vertx/service/PartnerConfigService.java

@@ -5,12 +5,16 @@
 import com.uid2.admin.store.writer.PartnerStoreWriter;
 import com.uid2.admin.vertx.ResponseUtil;
 import com.uid2.admin.vertx.WriteLock;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.Role;
 import io.vertx.core.http.HttpHeaders;
 import io.vertx.core.json.JsonArray;
 import io.vertx.ext.web.Router;
 import io.vertx.ext.web.RoutingContext;
 
+import java.util.Collections;
+import java.util.List;
+
 import static com.uid2.admin.vertx.Endpoints.API_PARTNER_CONFIG_GET;
 import static com.uid2.admin.vertx.Endpoints.API_PARTNER_CONFIG_UPDATE;
 
@@ -38,7 +42,7 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handlePartnerConfigUpdate(ctx);
             }
-        }, Role.PRIVILEGED));
+        }, new AuditParams(Collections.emptyList(), List.of("partner_id", "config")), Role.PRIVILEGED));
     }
 
     private void handlePartnerConfigGet(RoutingContext rc) {

src/main/java/com/uid2/admin/vertx/service/SaltService.java

@@ -7,6 +7,7 @@
 import com.uid2.admin.vertx.RequestUtil;
 import com.uid2.admin.vertx.ResponseUtil;
 import com.uid2.admin.vertx.WriteLock;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.Role;
 import com.uid2.shared.model.SaltEntry;
 import com.uid2.shared.store.salt.RotatingSaltProvider;
@@ -21,6 +22,7 @@
 import java.time.*;
 import java.time.format.DateTimeFormatter;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
 
@@ -57,7 +59,7 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handleSaltRotate(ctx);
             }
-        }, Role.SUPER_USER, Role.SECRET_ROTATION));
+        }, new AuditParams(List.of("fraction", "min_ages_in_seconds", "target_date"), Collections.emptyList()), Role.SUPER_USER, Role.SECRET_ROTATION));
     }
 
     private void handleSaltSnapshots(RoutingContext rc) {

src/main/java/com/uid2/admin/vertx/service/ServiceLinkService.java

@@ -4,6 +4,7 @@
 import com.uid2.admin.store.writer.StoreWriter;
 import com.uid2.admin.vertx.ResponseUtil;
 import com.uid2.admin.vertx.WriteLock;
+import com.uid2.shared.audit.AuditParams;
 import com.uid2.shared.auth.Role;
 import com.uid2.shared.model.ServiceLink;
 import com.uid2.shared.store.reader.RotatingServiceLinkStore;
@@ -17,10 +18,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.Collection;
-import java.util.Comparator;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 
 import static com.uid2.admin.vertx.Endpoints.*;
@@ -56,17 +54,17 @@ public void setupRoutes(Router router) {
             synchronized (writeLock) {
                 this.handleServiceLinkAdd(ctx);
             }
-        }, Role.MAINTAINER));
+        }, new AuditParams(Collections.emptyList(), List.of("link_id", "service_id", "site_id", "name", "roles")), Role.MAINTAINER));
         router.post(API_SERVICE_LINK_UPDATE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleServiceLinkUpdate(ctx);
             }
-        }, Role.MAINTAINER));
+        }, new AuditParams(Collections.emptyList(), List.of("link_id", "service_id", "site_id", "name", "roles")), Role.MAINTAINER));
         router.post(API_SERVICE_LINK_DELETE.toString()).blockingHandler(auth.handle((ctx) -> {
             synchronized (writeLock) {
                 this.handleServiceLinkDelete(ctx);
             }
-        }, Role.PRIVILEGED));
+        }, new AuditParams(Collections.emptyList(), List.of("link_id", "service_id")), Role.PRIVILEGED));
     }
 
     private void handleServiceLinkList(RoutingContext rc) {